<?php
/**
	Classes:
		user (myDbTb :: myClass)
*/
class user extends myDbTb {
	public $id;
	public $firstname;
	public $lastname;
	public $email;
	public $phone;
	public $sec_phone;
	public $address_id;
	public $order;
	public $address;
	public $site_domain;	//each user belongs to a unique site
	public $password;
	public $cfm_key;
	public $isAdmin=false;

	/**
	 * This procedure will set user settings to default
	 */
	function init_defaults($site_domain){
		if (isset($site_domain)) $this->site_domain=$site_domain;
	}
	/**
	 * User login
	 * It fills the user id if the user email meets any user data. If login succed returns true.
	 */
	function login() {
		global $server;
		$sql = "select c.id from " .
		TABLE_CUSTOMERS . " c" .
		" where c.email LIKE '" . $this->email . "'";
		$result = $server->db->link->query($sql);
		$user_check = ($result->num_rows == 1);
		if ($user_check) {
			// The user email meets same user email. We will check now if the password is correct
			list($this->id)=$result->fetch_row();
			$sql = "select c.id from " .
			TABLE_CUSTOMERS . " c" .
			" where c.email LIKE '" . $this->email . "'" .
			" and c.password LIKE '" . $this->password . "'";
			$pwd_check = $this->sql_request($sql);
			if (!$pwd_check) $this->password=null;
			// We will check for if the user is admin
			else {
				$sql = "select a.id from " .
				TABLE_ADMINISTRATORS . " a" .
				" where a.user_id = " . $this->id;
				$result = $server->db->link->query($sql);
				$admin_check = ($result->num_rows == 1);
				$this->isAdmin=$admin_check;
			}
			return $pwd_check;
		}
		else {
			// When there is no user with the correspondent emai it sets it to null.
			// This way we have a way to know whether or not the email belongs to an user
			$this->email=null;
			return false;
		}
	}
	// It loads user data
	function db_load() {
		$sql = "select c.* from " .
		TABLE_CUSTOMERS . " c" .
		" where c.id = '" . $this->id . "'";
		return $this->sql_request($sql);
	}
	/**
	 * It inserts user data to database
	 * It returns false if the data has not been inserted.
	 */
	function db_insert() {
		$sql = "INSERT INTO "
				. TABLE_CUSTOMERS
			. " ("
				. " email"
				. " , password"
			. " ) VALUES ("
				. " '" . $this->email ."'"
				. " , '" . $this->password ."'"
			. " )";
		return $this->sql_request($sql);
	}
	/**
	 * It inserts user data to database
	 * It returns false if the data has not been inserted.
	 */
	function db_insert_full_deprecated() {
		$sql = "INSERT INTO "
				. TABLE_CUSTOMERS
			. " ("
				. " firstname"
				. " , lastname"
				. " , email"
				. " , phone"
				. " , password"
				. " , address_id"
				. " , sec_phone"
			. " ) VALUES ("
				. " '" . $this->firstname ."'"
				. " , '" . $this->lastname ."'"
				. " , '" . $this->email ."'"
				. " , '" . $this->phone ."'"
				. " , '" . $this->password ."'"
				. " , " . $this->addresss_id
				. " , '" . $this->sec_phone ."'"
			. " )";
		return $this->sql_request($sql);
	}
	/**
	 * It updates user data (except login data) to DB.
	 * It returns 0 if the data has not been updated.
	 */
	function db_update() {
		$sql = "UPDATE "
				. TABLE_CUSTOMERS . " c "
				. " SET"
				. " c.firstname='" . $this->firstname . "'"
				. " , c.lastname='" . $this->lastname . "'"
				. " , c.phone='" . $this->phone . "'"
				. " , c.sec_phone='" . $this->sec_phone . "'"
				. " , c.address_id='" . $this->address_id . "'"
			. " WHERE"
				. " c.id ='".$this->id."'";

		return $this->sql_request($sql);
	}
	/**
	 * It updates user default_address_id to DB.
	 * It returns false if the data has not been updated.
	 */
	function db_update_address_id() {
		$sql = "UPDATE "
				. TABLE_CUSTOMERS . " c"
				. " SET"
				. " c.address_id='" . $this->address_id . "'"
				. " WHERE"
				. " c.id =" . $this->id;
		return $this->sql_request($sql);
	}
	// Checks if the email is meeting the correct format
	function check_email() {
		if (!(preg_match("/.+\@.+\..+/", $this->email))) $this->email='';
		return $this->email;
	}
	function cfm() {
		$sql = "UPDATE "
				. TABLE_CUSTOMERS . " c"
				. " SET"
				. " c.cfm_key='" . $this->cfm_key . "'"
				. " WHERE"
				. " c.id =" . $this->id;
		return $this->sql_request($sql);
	}
}


class admin extends user {
	public $processed_orders;
	public $unprocessed_orders;
	/**
	 * Distributor login
	 * It fills the distributor user id if the email meets any user-distributor data. If login succed returns true.
	 */
	function login() {
		global $server;
		$sql = "select c.id from " .
		TABLE_CUSTOMERS . " c" .
		" inner join " . TABLE_DISTRIBUTORS . " d" .
		" on c.id=d.user_id" .
		" where c.email like '" . $this->email . "'";
		$result = $server->db->link->query($sql);
		$user_check = ($result->num_rows == 1);
		if ($user_check) {
			// The user email meets same user email. We will check now if the password is correct
			list($this->id)=$result->fetch_row();
			$sql = "select c.id from " .
			TABLE_CUSTOMERS . " c" .
			" where c.email LIKE '" . $this->email . "'" .
			" and c.password LIKE '" . $this->password . "'";
			$pwd_check = $this->sql_request($sql);
			if (!$pwd_check) $this->password=null;
			return $pwd_check;
		}
		else {
			// When there is no user with the correspondent emai it sets it to null.
			// This way we have a way to know whether or not the email belongs to an user
			$this->email=null;
			return false;
		}
	}
	/*
	 * It converts the received text in a condition of a sql search
	 */
	function searchTermToQuery($searchTerm) {
		// It detects if it is a phone number
		if (preg_match("/\d{7}/",$searchTerm)) $query=" AND (o.phone LIKE '%$searchTerm%' OR c.phone LIKE '%$searchTerm%' OR o.sec_phone LIKE '%$searchTerm%' OR c.sec_phone LIKE '%$searchTerm%')";
		// It detects if it is a phone number
		else if (preg_match("/@/",$searchTerm)) $query=" AND (c.email LIKE '%$searchTerm%')";
		// It detects if it is a date. From-date,to-date.
		else if (strstr($searchTerm,'-')) {
			$dates=explode(',',$searchTerm);	//From, To
			if (isset($dates[1])) $query=" AND DATE_FORMAT(o.status_date, '%Y-%m-%d') BETWEEN '" . $dates[0] . "' AND '" . $dates[1] ."'";
			else $query=" AND DATE_FORMAT(o.status_date, '%Y-%m-%d') = '" . $dates[0] . "'";
		}
		// It detects if it is a postcode
		else if (preg_match("/\d{4}/",$searchTerm)) $query=" AND a.postcode LIKE '%$searchTerm%'";
		// It detects if it is a firstname or lastname
		else if (preg_match("/\D{3}/",$searchTerm)) {
			$names=explode(' ',$searchTerm);
			foreach ($names as $name) {
				$query.=" AND (o.firstname LIKE '%$name%' OR  o.lastname LIKE '%$name%' OR c.firstname LIKE '%$name%' OR  c.lastname LIKE '%$name%')";
			}
		}
		return $query;
	}
	
	/*
	 * It sets the sql search and complets it with the sql condition form the method search_term_to_query. It returns the resulting orders ().
	 */
	function get_orders_search($query, $limit) {
		global $server;
		$orders_array= array();
		$sql = "SELECT o.id, o.user_id FROM " .
			TABLE_ORDERS . " o, " .
			TABLE_CUSTOMERS . " c, " .
			TABLE_ADDRESS_BOOK . " a" .
			" WHERE o.user_id=c.id".
			" and a.id=o.address_id".
			" and o.status >1";
		if ($query) $sql .= $query;
		$sql .=" GROUP BY o.id ORDER BY o.status_date DESC, a.firstname ASC LIMIT ".$limit;
		$result = $server->db->link->query($sql);
		while (list($orders_id, $customers_id) = $result->fetch_row()) {
			$order = new order();
			$order->id=$orders_id;
			$order->user_id=$customers_id;
			array_push($orders_array,$order);
		}
		return $orders_array;
	}
	
	/*
	 * It loads the orders ids with the status codition at the argument
	 */
	function get_orders($status_condition, $limit, $order='status_date DESC') {
		global $server;
		$orders_array= array();
		$sql = "SELECT o.id, o.user_id FROM " .
			TABLE_ORDERS . " o " .
			" WHERE o.status ".$status_condition.
			" GROUP BY o.id ORDER BY ".$order." LIMIT ".$limit;
		$result = $server->db->link->query($sql);
		while (list($orders_id, $customers_id) = $result->fetch_row()) {
			$order = new order();
			$order->id=$orders_id;
			$order->user_id=$customers_id;
			array_push($orders_array,$order);
		}
	  return $orders_array;
	}
}
?>
